Stratum
Your logs already have the answers.
Stratum reads them — automatically — and builds the investigation record your auditors, insurers, and regulators expect.
Every system you run generates logs. What you don't have is a permanent, structured record of what those logs mean — one that survives an audit, holds up in court, and doesn't require an engineer to interpret. Stratum sits on top of the logs you already produce, monitors them continuously, and builds an immutable investigation record from the moment something happens. No new logging infrastructure. No format changes. Just the record that was always supposed to exist.
OCR doesn't warn you before it calls.
Stratum reads your EHR audit logs continuously — so when you need to answer for what happened, you already have the record.
Your EHR generates an audit log every time a record is accessed. Epic, Cerner, athenahealth — they all do it. What most practices don't have is anyone reading those logs, or any system built to catch the access patterns that signal a breach: a staff member reviewing their own family's records, a terminated credential used after hours, bulk downloads the week before a resignation. Unauthorized access runs undetected for months because there is nothing watching.
When OCR investigates, the question isn't whether the breach happened. The question is what you knew, when you knew it, and what record you have. A compliance officer who can reconstruct exactly what was accessed, by whom, and in what sequence — in minutes, using plain English — is in a fundamentally different position than one piecing together spreadsheet exports two days before the response deadline.
Stratum closes that gap automatically. AI agents monitor your EHR log stream around the clock, detect access patterns that require review, and create structured investigation records as append-only, immutable entries. No IT specialist required. Your data never leaves your infrastructure. And if OCR ever does call, the record is already built.
Continuous monitoring of EHR audit logs without changing how your systems log — connect once, monitor always
Append-only, immutable investigation records built automatically — every finding timestamped, authored, and permanent
Natural language investigation — any compliance officer can query what happened and by whom, no SQL required
Automated log review isn't optional anymore.
PCI DSS 4.0 Requirement 10 is in effect. Stratum is the automated review layer that closes your compliance gap — and shows your QSA the evidence.
As of April 1, 2025, PCI DSS 4.0 requires automated audit log review for anyone handling cardholder data. Manual review — someone spot-checking logs each week — no longer satisfies the requirement. Most SMBs in payments, fintech, and insurance are currently non-compliant, and the fines for non-compliance run from $5,000 to $100,000 per month. This is not a future risk. It is a current exposure.
Stratum's Event Monitor continuously analyzes your CDE log streams — from payment processors, cloud infrastructure, and accounting systems — flags anomalies through automated threshold monitoring, and creates structured investigation tickets as append-only, immutable records. Every finding is timestamped and authored. When your QSA asks for evidence of automated log review, you open Stratum and show them the audit trail. Built for PCI DSS 4.0 Requirement 10 — that's the specific control Stratum addresses.
For insurance and claims operations, the pain is different but the architecture is the same. Every claim event is recorded as an append-only entry from day one — not reconstructed from email threads when litigation arrives. Cross-claim fraud correlation becomes possible because the data structure was right from the start. The timeline that used to cost days of investigator time is already built.
Automated threshold monitoring of CDE log streams — satisfies PCI DSS 4.0 Req. 10.4.1.1's automated review mandate
Append-only, immutable investigation records for every flagged event — QSA-ready evidence from day one
Claims and fraud timelines built automatically — every event recorded from the moment it happens, not reconstructed after the fact
When the incident is over, where's the record?
Stratum builds the permanent investigation log automatically — from the logs you already produce — so your cyber insurer and SOC 2 auditor have something to look at.
The 2am incident goes like this: Slack, Grafana, three browser tabs, a Jira ticket someone created and forgot to update, and a CloudWatch alarm nobody can explain. You fix it. By morning, what actually happened — what you checked, what you found, what you decided — is scattered across tools that were never designed to hold an investigation together. The post-mortem, if it happens at all, is written from memory.
Cyber insurers and SOC 2 auditors don't want a post-mortem written from memory. They want a structured, immutable record of the incident: what was detected, when, by whom, what actions were taken, and how it was resolved. Standard tools — Jira, Slack, PagerDuty — are mutable by design. Anything mutable is not evidence.
Stratum plugs into your existing log streams without format changes and connects inbound alerts from Prometheus, Datadog, CloudWatch, and other monitoring tools via webhook. When a threshold condition is met, it auto-creates an investigation ticket, assigns the relevant team, and starts building the record automatically — every finding timestamped and permanent. By the time the incident is resolved, the audit-ready record already exists. No one had to write it.
Permanent, append-only incident records built automatically — every action timestamped and authored, without anyone writing a post-mortem
Inbound webhook receiver for Prometheus, Datadog, CloudWatch, and PagerDuty alerts — drop-in layer for teams re-evaluating their stack
UTC timestamp normalization across cloud, on-prem, and third-party log sources — one coherent timeline, even when your sources disagree
When the judge asks, your spreadsheet won't answer.
Stratum records every legal hold event as a permanent, timestamped entry — the document access audit trail that holds up where email threads and spreadsheets don't.
Legal hold administration on email and spreadsheets has one fatal flaw: neither survives a spoliation challenge under FRCP Rule 37(e). An adverse inference instruction, evidence preclusion, or case dismissal is the consequence when a court determines that relevant evidence was not properly preserved — and that the record of preservation does not hold together. The risk is not hypothetical. Federal courts have imposed sanctions in cases where the hold documentation was the only thing that needed to be right.
Stratum's append-only HOLD ticket type records every legal hold event — issuance, custodian acknowledgment, extension, lifting — as a permanent, timestamped, authored entry. Architecturally, entries cannot be altered. The document access audit trail is built as events happen, not reconstructed after the fact. Self-hosted, containerized deployment means the client controls all data entirely — Algebrics has zero access to your matter activity, which is the only viable model for work protected by attorney-client privilege.
There is a second conversation beginning at law firms right now. AI is already being used for contract review, research, and drafting. Most firms have no record of what the AI did, when it did it, or on whose instruction. Stratum logs every AI agent action as an immutable, timestamped entry automatically — the audit record that satisfies EU AI Act logging obligations and ABA competence obligations around generative AI, before they become the next thing a regulator asks about.
Append-only, immutable HOLD ticket records for every legal hold event — document access audit trail built to withstand FRCP Rule 37(e) scrutiny
Self-hosted deployment with zero Algebrics access — attorney-client privileged matter activity never leaves the client's infrastructure
Automatic AI action logging — every AI agent action timestamped and permanently recorded, satisfying emerging AI governance audit obligations